Check List for Record Management Compliance



Posted: Thursday, August 31, 2006

by George Hardie
Gosford Micrographics Pty Ltd

In the recent issue of IDM (Image & Data Manager) magazine (May/June 2006) there are numerous articles on compliance.
The ISO Standard for Records Management (ISO 15489) defines a record as "information created, received and maintained as evidence, and information by an organisation or person, in pursuance of legal obligations or in the transaction of business." That is quite a broad statement: it means that SMS messages, e-mail, Instant Messenger conversations, video conferences and phone conversations can be included as part of a business transaction or legal obligation for the purpose of complete and compliant recordkeeping.
What are the compliance criteria?

Criteria: Definition
Trustworthy: The records cannot be altered or deleted without leaving a trail of evidence.
Complete Record: Capture both internal and external communications relating to a business transaction or legal obligation.
Retention Period: The length of time a record is useful to the organisation and/or must be kept to comply with State and Federal Government regulations. These may vary from 6 months to Never To Be Destroyed.
Privacy: Protect against unauthorised access to records, especially personal data.
Chain of Custody: An audit trail of all transactions with the record, e.g. when it was accessed and by whom.


Now let's compare those criteria against the various systems: hard-copy, electronic and microfilm.


Criteria: Trustworthy
Hard-copy: Paper records are difficult to alter, but easy to dispose of by tearing, shredding, fire or water.
Electronic: With enormous effort, firewalls and security systems there is some level of security. However, there is no protection from hardware failure, or from micro-code or macro-code programs altering system parameters and manipulating data. The security systems monitor access from above the operating system level, not from within the operating system or the Intel code for the processor chip. In 30-50 years' time, will the software application still exist that allows access and viewing/printing capabilities? What is the life expectancy of CD, DVD or tape?
Microfilm: Once processed, the photographic frames cannot be altered. These frames are a realistic copy of the original. Original camera masters are stored in a secure, environmentally controlled vault at 8-10°C and 35% humidity. Duplicate copies of the original master are utilised for day-to-day access. Microfilm has existed for 100+ years and is still accessible via an optical lens and a light source. Therefore microfilm has no dependency on technology. The current microfilm has a Life Expectancy of 500 years when stored correctly.

Criteria: Complete Record
Hard-copy: All incoming and outgoing correspondence can be date stamped and stored in a physical folder. All electronic communication can be printed, date stamped and stored in the same folder. A complete hard-copy record can be maintained, though the physical storage requirements are very high.
Electronic: Ability to capture all forms of communication. Hard-copy and microfilm can be digitised. Voice communication can be captured as an audio file. All other communications are electronic and can be easily captured. This is directly dependent upon technology and software applications. The physical storage requirements can be quite complex, with backups and alternative storage for disaster recovery. Therefore the retrieval of the electronic version will be directly dependent upon what technology was utilised during the creation and backup.
Microfilm: Ability to capture hard-copy and electronic documents as photographic frames. E-mails, SMS messages and audio files can be transcribed to print, and can therefore be captured onto microfilm as a permanent and complete record. The advantage is that the physical storage space for microfilm is extremely low.

Criteria: Retention Period
Hard-copy: All records can be identified within an electronic record management system (ERMS). The Disposal Authority that is linked to the ERMS can notify an administrator of the need to dispose of or relocate the hard-copy file.
Electronic: Disposal Authorities can be easily set up to maintain compliance with retention periods. These DAs interact with the recordkeeping system to notify the administrator what records are to be destroyed or relocated to longer term storage.
Microfilm: All records can be identified within an electronic record management system (ERMS). The Disposal Authority that is linked to the ERMS can notify an administrator of the need to dispose of or relocate the microfilm.

Criteria: Privacy
Hard-copy: Access to hard-copy records is controlled by physical security. The hard-copy file can be stored in a secure area with access only through a security card and signature.
Electronic: Access to electronic records can be controlled through access rights and user privileges within the operating system and within the specific software application. Can I override these security measures as a hacker or a trojan horse virus? I certainly can.
Microfilm: Access to microfilm records is controlled by physical security. The microfilm can be stored in a secure area with access only through a security card, signature and single microfilm reader.

Criteria: Chain of Custody
Hard-copy: Chain of custody is maintained by a physical record and signature. Sometimes a bar-code is utilised for the check-in/out process. However, anyone can easily misplace a document or a specific page within the file, as the tracking system tracks the folder, not each individual page.
Electronic: Electronic systems produce an audit log of all access and alterations to the electronic record. However, the audit log can be altered using either Microsoft's Notepad or Wordpad applications. With Server Administrator rights it is easy to clear the System log file so as to prevent a log being kept of the system and/or application events.
Microfilm: Microfilm usually has a Camera Master, a security copy and a daily use copy. Anyone wanting the microfilm would sign for the daily copy, and the master copy will always be in a secure environment. To misplace a frame from microfilm, it must be cut and the film spliced. This is a physical change to the daily copy but does not change the original. Preservation-wise, microfilm stands alone in ensuring that the documentation is always an original copy and cannot be altered.
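
For electronic audit logs, the "Trustworthy" and "Chain of Custody" criteria above can be checked mechanically. The Python below is an added example, not part of the original article or of any product it mentions: each entry's hash covers the previous entry, so an edit, a deleted entry or a cleared log fails verification. The function names, the GENESIS value and the sample users and record IDs are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # start-of-chain value (an assumption of this example)


def entry_hash(prev_hash, record):
    """Hash one audit entry together with the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, who, when, action, record_id):
    """Add a chain-of-custody entry: who touched which record, when and how."""
    record = {"who": who, "when": when, "action": action, "record_id": record_id}
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return log[-1]["hash"]  # head hash, to be kept outside the log itself


def verify(log, trusted_head):
    """Return (ok, index of the first entry that fails, or None)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    # A cleared or truncated log is internally consistent but ends on the wrong head.
    if prev != trusted_head:
        return False, len(log)
    return True, None


def demo():
    # Constructed sample entries, not taken from any real system.
    log = []
    append(log, "jsmith", "2006-08-01T09:00:00", "view", "INV-0001")
    append(log, "akhan", "2006-08-02T14:30:00", "edit", "INV-0001")
    head = append(log, "jsmith", "2006-08-03T11:15:00", "print", "INV-0001")
    results = {"clean": verify(log, head)}
    edited = json.loads(json.dumps(log))          # deep copy of the log
    edited[1]["record"]["who"] = "someone_else"   # text-editor style alteration
    results["edited"] = verify(edited, head)
    results["deleted"] = verify(log[:1] + log[2:], head)  # one entry removed
    results["cleared"] = verify([], head)                 # log wiped
    results["truncated"] = verify(log[:2], head)          # newest entry dropped
    return results
```

The check is only as strong as the storage of the head hash: it has to be kept where an administrator of the log cannot rewrite it, for example on write-once media or with a separate custodian.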


In conclusion, the only best practice is to utilise electronic for ease of access and microfilm for long-term preservation of the original documentation/business transaction. Imagine having your critical business information not only saved electronically but preserved in microfilm. With any litigation you would be able to produce a guaranteed copy of the original document that no-one could dispute.
********************************************************************************
George has 20+ years' experience in document and record management. He is now working for Gosford Micrographics in Australia, assisting organisations with their record compliance issues.